DefaultCSRFTokenSigner

play.api.libs.crypto.DefaultCSRFTokenSigner
class DefaultCSRFTokenSigner(signer: CookieSigner, clock: Clock) extends CSRFTokenSigner

This class is used for generating random tokens for CSRF.

Attributes

Supertypes
class Object
trait Matchable
class Any

Members list

Value members

Concrete methods

def compareSignedTokens(tokenA: String, tokenB: String): Boolean

Compare two signed tokens

override def constantTimeEquals(a: String, b: String): Boolean

Constant time equals method.

For two Strings of the same length, this method always runs in constant time. This prevents timing attacks.

Extract a signed token that was signed by CSRFTokenSigner.signToken.

Value parameters

token

The signed token to extract.

Returns

The verified raw token, or None if the token isn't valid.

Generate a signed token

Generate a cryptographically secure token

def signToken(token: String): String

Sign a token. This produces a new token that contains this token signed with a nonce.

This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Value parameters

token

The token to sign

Returns

The signed token
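The following is an added Python model of the sign, extract and compare operations documented above. It is not Play's own code: the `signature-nonce-token` layout, HMAC-SHA256, the random nonce and the key are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed key for this example; a real application uses its own secret.
KEY = b"constructed-example-key"


def _mac(message: str) -> str:
    return hmac.new(KEY, message.encode(), hashlib.sha256).hexdigest()


def generate_token() -> str:
    """Cryptographically secure raw token (hex, so it never contains '-')."""
    return secrets.token_hex(16)


def sign_token(token: str) -> str:
    """Return a fresh signed form of `token` (assumed layout: sig-nonce-token)."""
    nonce = secrets.token_hex(8)  # new nonce per call, so the output differs
    joined = f"{nonce}-{token}"
    return f"{_mac(joined)}-{joined}"


def extract_signed_token(signed: str):
    """Return the verified raw token, or None if the token isn't valid."""
    parts = signed.split("-", 2)
    if len(parts) != 3:
        return None
    signature, nonce, raw = parts
    expected = _mac(f"{nonce}-{raw}")
    # Compare as bytes: compare_digest rejects non-ASCII str input.
    if hmac.compare_digest(signature.encode(), expected.encode()):
        return raw
    return None


def compare_signed_tokens(token_a: str, token_b: str) -> bool:
    """Signed tokens match when both verify and carry the same raw token."""
    raw_a = extract_signed_token(token_a)
    raw_b = extract_signed_token(token_b)
    if raw_a is None or raw_b is None:
        return False
    return hmac.compare_digest(raw_a.encode(), raw_b.encode())
```

Comparing the signed strings directly would fail for two valid tokens, because each signing uses a new nonce; the comparison has to verify both and compare the extracted raw values in constant time.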